e2factory is a software management and build system that is optimized for industrial requirements. e2factory supports the entire product life-cycle management of the embedded software components in customer projects, in particular, but not only, at board support package level.
Consequent bottom-up approach
In contrast to distribution-based system development, the compilation of the necessary software in e2factory takes place bottom-up according to the product-specific requirements on the basis of qualified mainline sources. e2factory offers a clear separation between build system, sources, adaptations and build recipes.
e2factory is subject to the GPLv3 and is freely available as a development tool.
For industrial use, the following characteristics and additional benefits are of primary importance:
e2factory enables easily understandable, reduced-complexity usage and offers a high transparency of the build process and the respective build result. The traceability of changes and the stringent version management simplify life-cycle management significantly.
- Simple and transparent to use
- Low complexity with focused functionality
- Detailed documentation (e2factory professional)
- Multi-user-capability through client/server architecture
- Packages, drivers and libraries from different sources can be utilized (e.g. upstream, Yocto, hardware manufacturers)
- Transparent compilation of complexity-reduced Linux board support packages (BSPs)
- Simple integration of processor and board-specific adaptations
- Creation of valid tool chains for external use with, for example, Eclipse
- Integrated version management; an unlimited number of versions of a system can be administered in a project
- Valid traceability of all changes
- Configurations are easily adaptable and reviewable
e2factory supports the use of mainline sources and a bottom-up process for putting together Linux board support packages (BSPs). This results in an inherent hardening of the system with higher transparency and minimal dependencies. Improvements from the community can be taken over quickly and with minimal effort for their integration.
- Targeted, quality-assured compilation of BSPs without undesired patches, version conflicts, dependencies etc.
- Prepared for community-near working (mainline compliance)
- The selection of components takes place according to requirements
- The adoption of components is performed according to the architectural pre-requirements of the system design
- Sources can be taken directly from the community upstream (No distribution lock-in)
- Packages, drivers, libraries from other sources (e.g. Yocto) can be utilized
- Open source compliance: e2factory supports reliable licence management
- Continuous updating is possible via differential updates of individual packages
e2factory simplifies the norm-conforming development of Linux systems, for example according to IEC 62304, WELMEC and common criteria:
- e2factory has been developed using its own test suite
- Build computer and person-independence through separated, distributed development in containers
- Automated creation of technical documentation and authorization documents using information from the build process
- Automated system integration in continuous integration systems for nightly builds and automated tests
- Continuous traceability of requirements, build results and the associated documentation (IEC62304)
- Requirements (or their numbers) flow into the build results and build-ID (images and documentation) via meta data
- Automated construction of documentation required by norms, e.g. SOUP lists and detailed design from IEC62304
- Creation of package lists for comparison with test protocols (see TAF) for the determination of test coverage.
- Validatable integrity and reproducibility of all software versions and their documentation through checksum (hash tree) of all input parameters (sources, build scripts, configuration, build environment)
- Unique build-ID for every build result (root checksum of the corresponding hash tree)
The extent of the process security and automation of build, integration and test processes (build and software management) of the system directly influences the personnel costs and the person-independence of care and maintenance. The increased costs and risks resulting from repeated adaptations, the frequent lack of documentation and high complexity of distributions are avoided.
- High transparency of the software and the build process
- Efficient and reliable life-cycle management across diverse software versions
- Validatable integrity and reproducibility of all software versions and their documentation through unique build-IDs
- Auditable tracking and tracing of changes
- Software package management on the host and target (optional)
- Person and build computer independence of the build process
- Patches and packages from upstream can be taken over "barrier-free" and without delay (mainline compliance)
- Packages, drivers and libraries from other sources (e.g. Yocto, hardware manufacturers) can be used
- Integration into CI systems is supported
- Licence changes can be handled with minimal effort
- System software is much more transparent and easier to test
Ensuring a high level of IT security for network-integrated products is made possible by using sources from the community. Security monitoring only becomes economically feasible through the inherent hardening of the BSP and the traceable documentation.
- Fast adoption of security patches and package updates from the upstream community
- Inherent hardening of the board support package (BSP) through the bottom-up approach
- Individual security patches can be integrated and rolled out version-safe (full traceability)
- Auditable software change management and checking of the integrity of the system configuration
- With package updates, the transparent, reduced structure means that possible dependencies can be immediately removed/resolved
- Security patches in the maintenance phase are reproducible and traceable
- e2factory enables economical security monitoring and patch management
The costs for development and maintenance are heavily influenced by the size and complexity of an embedded Linux BSP. The development method used (distribution-based or mainline-based system development) also has a strong influence on the type and costs of maintenance and thereby the investment security. Low complexity and size have a positive influence on the costs.
- Build automation management with defined costs
- Defined technical processes for effective release and software change management
- Low-cost open source compliance through integration of licence information and automated creation of component lists
- Secure, distributed working across various locations (e2factory workbench) enables the synchronous use of limited development capacities
- Parallel working of developers (multi-user capability) enables a shorter time-to-market
- No distribution lock-in, no costs for unwanted patches or version conflicts
- Supports the low-cost maintenance of product variants and families
- Fast reaction to hardware changes through the efficient maintenance of multiple variants of a system on an identical code basis (obsolescence management)
- Extension of system functions at plannable costs through differential updates of individual components
- No uncontrolled costs through distribution upgrades
When combined with a mainline, bottom-up approach, e2factory supports development that meets open source compliance requirements. For the software components contained in an industrial product the information about their origin and quality as well as their exact designation and version can be integrated into the software itself. Included open source licences can be documented and administrated in a valid and traceable manner, and are components of the unique build ID.
- Creation and maintenance of a reliable software supply chain
- Availability of trustworthy compliance information
- Bottom-up approach and minimized dependencies allow for comprehensive licence management
- Taking over of original sources and make instructions
- Possibility for signing of the build process by authorized persons
- Automated creation of a component list (bill of material) for conformity and supply chain declarations
- Only qualified code is part of the system
- Automated creation of the licence information (OSS declaration) including automated compilation of the licence texts in files
- Complete traceability of all changes, including changes to licences
- Economical licence management throughout the product life cycle
e2factory is an emlix brand and is continuously maintained and further developed under the responsibility of emlix. There are clear paradigms in the areas of reliability, backwards compatibility and validatability with central reviewing. e2factory updates are carefully planned, thoroughly tested (comprehensive test suite) and tailored to each individual customer.
When the requirements on process security across the life cycle are lower and there is also a necessity to provide a suitable development environment for anonymous application developers, an alternative is offered by the reduced use of Yocto with the Yocto build system BitBake as well as the minimal distribution Poky-Tiny.